/*
 *  Copyright 2020-2025 the original author or authors.
 *  You cannot use this file unless authorized by the author.
 */

package org.ipig.web.filter;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.ipig.web.context.HttpWebContext;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

/**
 * 请在此处添加注释
 *
 * @author <a href="mailto:comchnts@163.com">chinats</a>
 * @version $$Id$$
 * @since 1.0
 */
public class GenericCorsFilter implements Filter {
    private String allowOrigin;
    private String allowMethods = "GET,POST,PUT,DELETE,OPTIONS";
    private String allowCredentials = "true";
    private String allowHeaders = "Content-Type,X-Token";
    private String exposeHeaders;


    public void init(FilterConfig filterConfig) throws ServletException {
        if (StringUtils.isNotBlank(filterConfig.getInitParameter("allowOrigin"))) {
            this.allowOrigin = filterConfig.getInitParameter("allowOrigin");
        }
        if (StringUtils.isNotBlank(filterConfig.getInitParameter("allowMethods"))) {
            this.allowMethods = filterConfig.getInitParameter("allowMethods");
        }
        if (StringUtils.isNotBlank(filterConfig.getInitParameter("allowCredentials"))) {
            this.allowCredentials = filterConfig.getInitParameter("allowCredentials");
        }
        if (StringUtils.isNotBlank(filterConfig.getInitParameter("allowHeaders"))) {
            this.exposeHeaders = filterConfig.getInitParameter("exposeHeaders");
        }
        if (StringUtils.isNotBlank(filterConfig.getInitParameter("allowHeaders"))) {
            this.allowHeaders = filterConfig.getInitParameter("allowHeaders");
        }
    }


    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpWebContext.setRequest(request);
        HttpWebContext.setResponse(response);
        if (StringUtils.isNotEmpty(this.allowOrigin)) {
            List<String> allowOriginList = Arrays.asList(this.allowOrigin.split(","));
            if (CollectionUtils.isNotEmpty(allowOriginList)) {
                String currentOrigin = request.getHeader("Origin");
                if (allowOriginList.contains(currentOrigin)) {
                    response.setHeader("Access-Control-Allow-Origin", currentOrigin);
                }
            }
        }
        if (StringUtils.isNotEmpty(this.allowMethods)) {
            response.setHeader("Access-Control-Allow-Methods", this.allowMethods);
        }
        if (StringUtils.isNotEmpty(this.allowCredentials)) {
            response.setHeader("Access-Control-Allow-Credentials", this.allowCredentials);
        }
        if (StringUtils.isNotEmpty(this.allowHeaders)) {
            response.setHeader("Access-Control-Allow-Headers", this.allowHeaders);
        }
        if (StringUtils.isNotEmpty(this.exposeHeaders)) {
            response.setHeader("Access-Control-Expose-Headers", this.exposeHeaders);
        }
        chain.doFilter(req, res);
        HttpWebContext.setRequest(null);
        HttpWebContext.setResponse(null);
    }

    public void destroy() {
    }
}